
Side by Side Diff: components/policy/core/common/cloud/cloud_policy_validator.cc

Issue 2453993004: Match server version of DM API proto. (Closed)
Patch Set: Style and comment fixes. Created 4 years, 1 month ago
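--- a/components/policy/core/common/cloud/cloud_policy_validator.cc
+++ b/components/policy/core/common/cloud/cloud_policy_validator.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/policy/core/common/cloud/cloud_policy_validator.h"
 
 #include <stddef.h>
 #include <utility>
 
 #include "base/bind_helpers.h"
@@ -255,65 +255,65 @@
 
 for (size_t i = 0; i < arraysize(kCheckFunctions); ++i) {
 if (validation_flags_ & kCheckFunctions[i].flag) {
 status_ = (this->*(kCheckFunctions[i].checkFunction))();
 if (status_ != VALIDATION_OK)
 break;
 }
 }
 }
 
-// Verifies the |new_public_key_verification_signature| for the |new_public_key|
-// in the policy blob.
+// Verifies the |new_public_key_verification_signature_deprecated| for the
+// |new_public_key| in the policy blob.
 bool CloudPolicyValidatorBase::CheckNewPublicKeyVerificationSignature() {
 // If there's no local verification key, then just return true (no
 // validation possible).
 if (verification_key_.empty()) {
 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification,
 METRIC_POLICY_KEY_VERIFICATION_KEY_MISSING,
 METRIC_POLICY_KEY_VERIFICATION_SIZE);
 return true;
 }
 
-if (!policy_->has_new_public_key_verification_signature()) {
+if (!policy_->has_new_public_key_verification_signature_deprecated()) {
 // Policy does not contain a verification signature, so log an error.
 LOG(ERROR) << "Policy is missing public_key_verification_signature";
 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification,
 METRIC_POLICY_KEY_VERIFICATION_SIGNATURE_MISSING,
 METRIC_POLICY_KEY_VERIFICATION_SIZE);
 return false;
 }
 
 if (!CheckVerificationKeySignature(
 policy_->new_public_key(),
 verification_key_,
-policy_->new_public_key_verification_signature())) {
+policy_->new_public_key_verification_signature_deprecated())) {
 LOG(ERROR) << "Signature verification failed";
 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification,
 METRIC_POLICY_KEY_VERIFICATION_FAILED,
 METRIC_POLICY_KEY_VERIFICATION_SIZE);
 return false;
 }
 // Signature verification succeeded - return success to the caller.
 DVLOG(1) << "Signature verification succeeded";
 UMA_HISTOGRAM_ENUMERATION(kMetricPolicyKeyVerification,
 METRIC_POLICY_KEY_VERIFICATION_SUCCEEDED,
 METRIC_POLICY_KEY_VERIFICATION_SIZE);
 return true;
 }
 
 bool CloudPolicyValidatorBase::CheckVerificationKeySignature(
 const std::string& key,
 const std::string& verification_key,
 const std::string& signature) {
 DCHECK(!verification_key.empty());
-em::PolicyPublicKeyAndDomain signed_data;
+em::DEPRECATEDPolicyPublicKeyAndDomain signed_data;
 signed_data.set_new_public_key(key);
 
 // If no owning_domain_ supplied, try extracting the domain from the policy
 // itself (this happens on certain platforms during startup, when we validate
 // cached policy before prefs are loaded).
 std::string domain = owning_domain_.empty() ?
 ExtractDomainFromPolicy() : owning_domain_;
 if (domain.empty()) {
 LOG(ERROR) << "Policy does not contain a domain";
 return false;
@@ -560,10 +560,10 @@
 return verifier.VerifyFinal();
 }
 
 template class CloudPolicyValidator<em::CloudPolicySettings>;
 
 #if !defined(OS_ANDROID) && !defined(OS_IOS)
 template class CloudPolicyValidator<em::ExternalPolicyData>;
 #endif
 
 } // namespace policy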
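Review bot: The updated comment at new lines 265-266 names the `_deprecated` field but does not say why the key-rotation check still verifies a deprecated signature, or what is meant to replace it. This function gates trust in a rotated policy signing key, so I would add a line above it such as `// NOTE: still verifies the deprecated signature over DEPRECATEDPolicyPublicKeyAndDomain; switch once the replacement field is consumed here.` The replacement itself is not visible in this file, so whoever owns the proto change should fill in the field name. The `LOG(ERROR)` text at new line 279 still says `public_key_verification_signature`, which matches neither the old nor the new field name, so aligning it would help anyone triaging a failed rotation from logs. `CheckVerificationKeySignature` continues into the skipped region after line 319, so whether the signed blob is built consistently with the renamed message could not be checked from this page.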